Onboarding Tasks

This topic provides a high-level overview of setting up Lacework with your cloud accounts and machine workloads.

Integrate Your Cloud Account

Integrate your Lacework account with your cloud provider(s) to perform compliance monitoring and reporting, as well as security monitoring based on the cloud provider logs. Compliance monitoring identifies configurations in your environment that violate best practices and notifies you. This helps you understand configurations and audit controls so that you deploy cloud resources that adhere to best practices. Additionally, Lacework ingests AWS CloudTrail, Azure activity logs, and Google Cloud audit logs to provide detailed alerts for anomalous behavior.

For detailed information about integrating your cloud account, see the corresponding integration procedures:

Integrate Your Host Machine

Lacework provides security for your workload through an agent installed on your host machine. Lacework provides process-aware threat and intrusion detection and notifies you of any events through your chosen method. After you install the Lacework agent on hosts, Lacework scans those hosts and streams select metadata to the Lacework data warehouse to build a baseline of normal behavior.

For detailed information about integrating host machines, see Lacework for Workload Security.

Integrate Your Container Registry

Lacework provides the ability to scan, identify, and report vulnerabilities found in the operating system-managed software packages in a container image before the container image is deployed. This means you can identify and take action on software vulnerabilities in your container images and manage that risk proactively. To enable this scanning, create a container registry integration.

For detailed information about integrating containers, see Integrate Container Registries.

Set up an Alert Channel

Note: As part of your Lacework integration, you may see a surge of alerts while Lacework is in the initial learning phase. This is expected behavior while Lacework sets baselines and learns anomalous behavior.

Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels (outgoing integrations), you define information about where to send alerts, such as to Jira or Slack. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts. This two-phase method provides the flexibility to define multiple channels and multiple rules, and then have each rule use the channels you specify. In this step you define the alert channels you want configured. Alert rules can be set up later in the Lacework Console.

For detailed information about setting up alert channels, see Alert Channels.

Add Users

Access control within Lacework is extremely powerful while remaining easy and intuitive to manage. Lacework's approach to access control lets you give more granular access to specific accounts and resources and prevents unwanted access to other accounts and resources.

Access privileges are assigned to roles, which are assigned to users at either the account level or the organization level.

For detailed information about adding Organization Users, see Manage Access at Organization Level.

For detailed information about adding Account Users, see Manage Access at Account Level.

Set up Authentication

Lacework enables you to integrate your authentication provider of choice with your Lacework account.

For detailed information about setting up authentication for your specific provider (SAML, JIT, IdP), see Authentication.